Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> This patch refactors ctnetlink_create_expect by spliting it in two
> chunks. As a result, we have a new function ctnetlink_alloc_expect
> to allocate and to setup the expectation from ctnetlink.
>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> +ctnetlink_alloc_expect(const struct nlattr * const cda[], struct nf_conn *ct,
> + struct nf_conntrack_tuple *tuple,
> + struct nf_conntrack_tuple *mask)
> {
[..]
> #ifdef CONFIG_MODULES
> - if (request_module("nfct-helper-%s", helpname) < 0) {
> - err = -EOPNOTSUPP;
> - goto out;
> - }
> + if (request_module("nfct-helper-%s", helpname) < 0)
> + return ERR_PTR(-EOPNOTSUPP);
Not sure if I decoded the diff correctly, but AFAIU this
function can now be called from rcu protected section (nfqueue verdict
handler), so request_module might not be safe.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
